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DETAILED ACTION 

I. Claims 34-45 have been examined. 

II. Responses to Applicant's remarks have been given. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

Claims 34, 36, 37, 39, 41 , 42, 44 and 45 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over United States Patent No. 6,061,799 to Eldridge et al., 
hereinafter Eldridge and further in view of United States Patent No. 6,754,349 to Arthan, 
hereinafter Arthan. 

1 . Regarding claim 34, Eldridge discloses a password recovery system for re- 
supplying a password, said password recovery system comprising: 
a communication terminal device for receiving a predetermined service via a network 
using the password (Figures 1, 7 and 8, column 1, lines 66 and 67, column 2, lines 1-3, 



Application/Control Number: 10/684,400 Page 3 

Art Unit: 2431 

9-16 and 64-67, column 3, lines 1-6 and 40-67 and column 7, lines 18-34); 

a portable recording medium for storing the password, the portable recording medium 

being coupled to said communication terminal device (column 1, lines 66 and 67, 

column 2, lines 9-16 and 31-47, column 8, lines 63-67, column 9, lines 1-13 and 28-35 

and column 11, lines 5-33, "diskette 142, CD-ROM 147"), 

wherein said communication terminal device comprises: 

a controller for receiving from an external communication terminal device a signed data 
set, the external communication terminal device guaranteeing legitimacy of the user of 
said communication terminal device and generating the signed data set with a secret 
key, and for outputting to said portable recording medium the received signed data set 
when said portable recording medium is coupled to said communication terminal device 
(Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 
64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35), 
wherein said portable recording medium comprises: 

a memory for storing a public key corresponding to the secret key (Figure 4, column 2, 
lines 31-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-14 and 35- 
55, column 6, lines 44-67 and column 7, lines 1-14); 

a controller for inputting from said communication terminal device the signed data set, 
and forjudging using the public key and the signed data set whether the signed data set 
is signed by the external communication terminal device, wherein said controller of said 
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portable medium recovers the same password as the password stored in said memory 
of said portable recording medium when it is judged that the signed data set is signed 
by the external communication terminal device, and outputs the recovered password to 
said communication terminal device (column 5, lines 35-67, column 6, lines 1-11, 
column 7, lines 49-67 and column 8, lines 1-12, "posts the complementary 
authentication information to server process 216 or another server within the same 
domain so that the server will receive information sufficient to allow the client process to 
prove knowledge of the password"), 

wherein said controller of said portable recording medium does not recover the same 
password as the password stored in said memory of said portable recording medium 
when it is judged that the signed data set is not signed by the external communication 
terminal device (Figure 5, element 506, "match?", Figure 7, element 708, "match?" and 
Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
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and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

2. Eldridge significantly discloses the claimed invention, as cited above. However, 
Eldridge does not substantially disclose the claim language found within claims 34, 37, 
42 and 45 pertaining to "based on an indication for recovering the password from a user 
of said communication terminal device when the user forgets the password". Arthan 
discloses this claim language, as cited below. 

3. Regarding claims 34, 37, 42 and 45, Arthan discloses the claim language of 
based on an indication for recovering the password from a user of said communication 
terminal device when the user forgets the password (column 4, lines 17-27, "is 
obtainable even if the password is forgotten" and lines 33-45). 

4. The motivation to combine to provide "a recovery process whereby key or other 
secret material, loaded under password protection onto a removable storage medium 
which is to be inserted into the first site computer when required, is obtainable even if 
the password is forgotten or the storage medium is faulty" (Arthan - column 4, lines 17- 
22). 

5. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Arthan within the teachings 
of Eldridge so that "if the password is forgotten or the storage medium proves to be 
faulty, the first site computer will be unusable since the recovery key, required for 
decryption purposes, will not be available to it directly" (Arthan - column 4, lines 42-45). 
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6. Regarding claim 36, Eldridge discloses wherein said memory of said portable 
recording medium stores a predetermined number indicating a number of the signed 
data set that is required to recover the password, and wherein said controller of said 
portable recording medium counts a number of the signed data set when it is judged 
that the signed data set is signed by the external communication terminal device, 
recovers the same password as the password stored in said memory of said portable 
recording medium when the counted number of the signed data set reaches the 
predetermined number stored in said memory of said portable recording medium, and 
outputs the recovered password to said communication terminal device (column 1, lines 
66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, lines 
62-67, column 5, lines 1-24 and lines 35-67, column 6, lines 1-11, column 7, lines 19- 
67, column 8, lines 1-12, "posts the complementary authentication information to server 
process 216 or another server within the same domain so that the server will receive 
information sufficient to allow the client process to prove knowledge of the password" 
and lines 63-67 and column 9, lines 1-13 and 28-35). 

7. Regarding claim 37, Eldridge discloses a communication terminal device for re- 
supplying a password to a user of the communication terminal device and for receiving 
a predetermined service via a network using the password , wherein a portable 
recording medium is coupled to said communication terminal device, the portable 
recording medium storing the password (column 5, lines 35-67, column 6, lines 1-11, 
column 7, lines 49-67 and column 8, lines 1-12, "posts the complementary 
authentication information to server process 216 or another server within the same 
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domain so that the server will receive information sufficient to allow the client process to 

prove knowledge of the password"), 

said communication terminal device comprising: 

a controller for receiving from an external communication terminal device a signed data 
set, the external communication terminal device guaranteeing legitimacy of the user of 
said communication terminal device and generating the signed data set with a secret 
key, and for outputting to the portable recording medium the received signed data set 
when the portable recording medium is coupled to said communication terminal device 
(Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, lines 62-67, column 5, 
lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 1-14), 
wherein the portable recording medium comprises: 

a memory for storing the password and a public key corresponding to the secret 
key (Figures 3A, 3B, 5, 6B and 9, column 1, lines 66 and 67, column 2, lines 1-8, 31-47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type 
of encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35); 
a controller for inputting from said communication terminal device the signed data set, 
and forjudging, using the public key and the signed data set, whether the signed data 
set is signed by the external communication terminal device, wherein the controller of 
the portable recording medium recovers the same password as the password stored in 
the memory of the portable recording medium when it is judged that the signed data set 
is signed by the external communication terminal device, and outputs the recovered 
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password to said communication terminal device (column 1, lines 66 and 67, column 2, 
lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 
1-24 and lines 35-67, column 6, lines 1-11, column 7, lines 19-67, column 8, lines 1-12, 
"posts the complementary authentication information to server process 216 or another 
server within the same domain so that the server will receive information sufficient to 
allow the client process to prove knowledge of the password" and lines 63-67 and 
column 9, lines 1-13 and 28-35), 

wherein the controller of the portable recording medium does not recover the same 
password as the password stored in the memory of the portable recording medium 
when it is judged that the signed data set is not signed by the external communication 
terminal device (Figure 5, element 506, "match?", Figure 7, element 708, "match?" and 
Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 
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8. Regarding claim 39, Eldridge discloses wherein the memory of the portable 
recording medium stores a predetermined number indicating a number of the signed 
data set that is required to recover the password (Figure 4, column 2, lines 31-67, 
column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-14 and 35-55, column 6, 
lines 44-67 and column 7, lines 1-14), 

wherein the controller of the portable recording medium counts a number of the signed 
data set when it is judged that the signed data set is signed by the external 
communication terminal device, recovers the same password as the password stored in 
the memory of the portable recording medium when the counted number of the signed 
data set reaches the predetermined number stored in the memory of the portable 
recording medium, and outputs the recovered password to said communication terminal 
device (Figures 3A, 3B, 5, 6B and 9, column 1, lines 66 and 67, column 2, lines 1-8, 31- 
47 and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, column 
7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35). 

9. Regarding claim 41 , Eldridge discloses a memory for storing a piece of 
application software corresponding to the recovered password output from the portable 
recording medium, wherein said controller of said communication terminal device 
performs the piece of the application software using the recovered password (column 1, 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1 -24 and lines 35-67, column 6, lines 1-11, column 7, lines 
19-67, column 8, lines 1-12, "posts the complementary authentication information to 
server process 21 6 or another server within the same domain so that the server will 
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receive information sufficient to allow the client process to prove knowledge of the 
password" and lines 63-67 and column 9, lines 1-13 and 28-35). 
10. Regarding claim 42, Eldridge discloses a portable recording medium capable of 
being coupled to a communication terminal device for receiving a predetermined service 
via a network using a password and for re-supplying the password to a user of the 
communication terminal device, the communication terminal device receiving from an 
external communication terminal device a signed data set, the external communication 
terminal device guaranteeing legitimacy of the user of the communication terminal 
device and generating the signed data set with a secret key, and for outputting to said 
portable recording medium the received signed data set when said portable recording 
medium is coupled to the communication terminal device (Figures 3A, 3B, 5, 6B and 9, 
column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, 
column 4, lines 62-67, column 5, lines 1 -24 and 56-67, column 7, lines 1 -1 1 and 1 9-48, 
column 8, lines 63-67 and column 9, lines 1-13 and 28-35), 
said portable recording medium comprising: 

a memory for storing the password and a public key corresponding to the secret key 
(Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 
64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35); 
and a controller for inputting from the communication terminal device the signed data 
set, forjudging using the public key and the signed data set whether the signed data set 
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is signed by the external communication terminal device, wherein said controller 
recovers the same password as the password stored in said memory of said portable 
recording medium when it is judged that the signed data set is signed by the external 
communication terminal device, and outputs the recovered password to the 
communication terminal device (column 1, lines 66 and 67, column 2, lines 1-8, 31-47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24 and lines 
35-67, column 6, lines 1-11, column 7, lines 19-67, column 8, lines 1-12, "posts the 
complementary authentication information to server process 216 or another server 
within the same domain so that the server will receive information sufficient to allow the 
client process to prove knowledge of the password" and lines 63-67 and column 9, lines 
1-13 and 28-35), 

wherein said controller does not recover the same password as the password stored in 
said memory of said portable recording medium when it is judged that the signed data 
set is not signed by the external communication terminal device (Figure 5, element 506, 
"match?", Figure 7, element 708, "match?" and Figure 8, element 814, "match?", column 
3, lines 2-10, "the apparatus comprises authorization logic responsive to one of the 
plurality of passwords and the secret parameter for allowing access by the identified 
client process", column 5, lines 39-48, "the term 'key' may refer to any data or 
authentication information which is currently used by a process to partake in an 
authentication protocol. For example, keys 308 may comprise a password itself, a one- 
way hash of a password, a public key corresponding to a private key derived from data 
including the password...", column 7, lines 34-39, "If the public key identifier received 
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from process 216 does not match any of the public key identifiers 308C stored within ID 
file 300, the attempt to access server process 216 fails and the authentication process 
terminates" and column 10, lines 23-54, "If no match occurs, the process ends"). 

1 1 . Regarding claim 44, Eldridge discloses wherein said memory stores a 
predetermined number indicating a number of the signed data set that is required to 
recover the password (Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 
1-14), 

wherein said controller counts a number of the signed data set when it is judged that the 
signed data set is signed by the external communication terminal device, recovers the 
same password as the password stored in said memory of said portable recording 
medium when the counted number of the signed data set reaches the predetermined 
number stored in said memory of said portable recording medium, and outputs the 
recovered password to the communication terminal device (Figures 3A, 3B, 5, 6B and 9, 
column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, 
column 4, lines 62-67, column 5, lines 1-24, column 7, lines 19-48, column 8, lines 63- 
67 and column 9, lines 1-13 and 28-35). 

12. Regarding claim 45, Eldridge teaches a password recovery method for re- 
supplying a password using a communication terminal device and a portable recording 
medium coupled to the communication terminal device, the communication terminal 
device receiving a predetermined service via a network using the password, and the 
portable recording medium storing the password, the method comprising: 
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receiving, at the communication terminal device, from an external communication 
terminal device a signed data set, the external communication terminal device 
guaranteeing legitimacy of the user of the communication terminal device and 
generating the signed data set with a secret key (Figures 3A, 3B, 5, 6B and 9, column 1 , 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1-24 and 56-67, column 7, lines 1-11 and 19-48, column 8, 
lines 63-67 and column 9, lines 1-13 and 28-35); 

outputting, at the communication terminal device, to the portable recording medium the 
received signed data set when the portable recording medium is coupled to the 
communication device (column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64- 
67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24 and lines 35-67, 
column 6, lines 1-11, column 7, lines 19-67, column 8, lines 1-12, "posts the 
complementary authentication information to server process 216 or another server 
within the same domain so that the server will receive information sufficient to allow the 
client process to prove knowledge of the password" and lines 63-67 and column 9, lines 
1-13 and 28-35); 

storing, at the portable recording medium, the password and a public key corresponding 
to the secret key (Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, 
lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 
1-24 and 56-67, column 7, lines 1-11 and 19-48, column 8, lines 63-67 and column 9, 
lines 1-13 and 28-35); 

inputting, at the portable recording medium, from the communication terminal device the 
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signed data set (Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, lines 
62-67, column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 1-14); 
and judging, at the portable recording medium, using the public key and the signed data 
set whether the signed data set is signed by the external communication terminal device 
(Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 
64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35)^ 
wherein, when it is judged by said judging that the signed data set is signed by the 
external communication terminal device, the portable recording medium recovers the 
same password as the password stored in the memory of the portable recording 
medium, and outputs the recovered password to the communication terminal device 
(column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, 
column 4, lines 62-67, column 5, lines 1 -24 and lines 35-67, column 6, lines 1-11, 
column 7, lines 19-67, column 8, lines 1-12, "posts the complementary authentication 
information to server process 216 or another server within the same domain so that the 
server will receive information sufficient to allow the client process to prove knowledge 
of the password" and lines 63-67 and column 9, lines 1-13 and 28-35), 
wherein, when it is judged by said judging that the signed data set is not signed by the 
external communication terminal device, the portable recording medium does not 
recover the same password as the password stored in the memory of the portable 
recording medium (Figure 5, element 506, "match?", Figure 7, element 708, "match?" 
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and Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

1 3. Claims 35, 38 and 43 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Eldridge and Arthan, as applied to claims 34, 37 and 42, respectively, above, and 
further in view of United States Patent No. 6,947,571 to Rhoads et al., hereinafter 
Rhoads. 

14. Eldridge and Arthan significantly disclose the claimed invention, as applied to 
claims 35, 38 and 43, respectively, as cited above. However, Eldridge and Arthan fail to 
disclose the claim limitations of claims 35, 38 and 43 with respect to the claim language 
of "expiration period" and "date/time information". Rhoads discloses these claim 
limitations, as cited below. 

1 5. Regarding claims 35, 38 and 43, Rhoads discloses wherein said memory of said 
portable recording medium stores an expiration period for receiving the signed data set 
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(column 54, lines 24-31 , column 66, lines 53-67 and column 67, lines 1-11), 
wherein the signed data set includes date/time information, the date/time information 
indicating a date and time at which the signed data set is generated at the external 
communication terminal device (column 67, lines 18-23), 

wherein said controller of the portable recording medium judges using the public key 
and the signed data set whether the signed data set is signed by the external 
communication terminal device and whether the date/time information is within the 
expiration period stored in said memory, recovers the same password as the password 
stored in said memory of said portable recording medium when it is judged that the 
signed data set is signed by the external communication terminal device and that the 
date/time information is within the expiration period stored in said memory, and outputs 
the recovered password to said communication terminal device (column 54, lines 24-31, 
column 55, lines 9-18, "each part may be assigned a unique password", column 61, 
lines 25-29, column 63, lines 2-10, column 66, lines 53-67, column 67, lines 1-1 1 and 
column 77, lines 8-35). 

16. The motivation to combine would be that "if the previously used name and 
password are no longer valid, the user has to provide a valid name and password in 
order to continue embedding for the media owner" (Rhoads - column 77, lines 17-20). 

1 7. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Rhoads with the teachings 
of Eldridge and Arthan so that "access to the registration information is limited to only 
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explicitly authorized accounts. Accounts are password protected" (Rhoads - column 55, 
lines 9-13). 

18. Claim 40 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eldridge 
and Arthan, as applied to claim 37 above, and further in view of United States Patent 
No. 6,820,204 to Desai et al., hereinafter Desai. 

19. Eldridge and Arthan significantly disclose the claimed invention, as applied to 
claim 37, as cited above. However, Eldridge and Arthan fail to disclose the claim 
limitation of claim 40 pertaining to "a display for displaying the recovered password 
output from the portable recording medium". Desai discloses this limitation, as cited 
below. 

20. Regarding claim 40, Desai discloses a display for displaying the recovered 
password output from the portable recording medium (Figures 41 and 42, column 4, 
lines 32-67, "information exchange system and its storage system may be distributed 
across a plurality of devices", column 5, lines 66 and 67, column 6, lines 1-25, column 9, 
lines 19-31, column 15, lines 27-44 and 55-67, column 16, lines 1-3, column 20, lines 
36-67, column 21, lines 1-9, column 22, lines 23-43, column 27, lines 35-67 and column 
28, lines 1-18). 

21 . The motivation to combine would be to provide "a system and method for 
information exchange that provides control over the content of stored information, as 
well as control over the access to the stored information" (Desai - column 3, lines 35- 
41). 
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22. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Desai with the teachings of 
Eldridge and Arthan in order "to allow each respective registered user to access, edit 
and manage the registered user's profile data through a network device" (Desai - 
column 3, lines 45-62). 

Response to Arguments 

23. Applicant's arguments with respect to claims 34-45 have been considered but are 
moot in view of the new ground(s) of rejection. 



Conclusion 

24. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

25. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

26. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

27. The following United States Patents and Patent Application Publication are cited 
to further show the state of the art with respect to the recovery of data, such as: 

United States Patent No. 7,083,090 to Zuili which is cited to show a remote and 
universal smartcard authentication and authorization device. 

United States Patent No. 6,185,308 to Ando et al., which is cited to show a key 
recovery system. 

United States Patent Application Publication No.20020034305 to Noyama et al., 
which is cited to show a method and system for issuing service and a method and 
system for providing service. 

United States Patent No. 6,178,51 1 to Cohen et al., which is cited to show 
coordinating user target logons in a single sign-on (SSO) environment. 

United States Patent No. 6,971 ,005 to Henry et al., which is cited to show a 
mobile host using a virtual single account client and server system for network access 
and management. 

United States Patent No. 7,1 1 1 ,321 to Watts et al., which is cited to show a 
portable computer system with hierarchical and token-based security policies. 
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United States Patent No. 6,940,980 to Sandhu, et al., which is cited to show a 
high security cryptosystem. 

United States Patent No. 6,792,536 to Teppler, which is cited to show a smart 
card system and methods for proving dates in digital files. 

United States Patent No. 7,469,341 to Edgett, et al., which is cited to show a 
method and system for associating a plurality of transaction data records generated in a 
service access system. 

28. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEREMIAH AVERY whose telephone number is 

(571 )272-8627. The examiner can normally be reached on Monday thru Friday 8:30am- 
5pm. 

29. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Korzuch can be reached on (571) 272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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30. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Jeremiah Avery/ 
Examiner, Art Unit 2431 

/Syed Zia/ 

Primary Examiner, Art Unit 2431 



